package cn.net.mtons.web.interceptors;

import java.util.HashSet;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import cn.net.mtons.web.Application;
import cn.net.mtons.web.interfaces.IAuthorityManager;

/**
 * <pre>
 * 权限拦截器
 * 一、登陆时权限验证
 * 二、执行操作时权限验证
 * </pre>
 * @author cl
 *
 */
public class AuthorityHandlerInterceptor implements HandlerInterceptor {

	
	private static Logger log = Logger.getLogger( "authority" );
	
	@Autowired
	private Application app;
	
	private String redirectUrl = "";
	private boolean debugMode = false;
	
	public boolean isDebugMode() {
		return debugMode;
	}

	public void setDebugMode(boolean debugMode) {
		this.debugMode = debugMode;
	}

	private Set<String> whiteList = new HashSet<String>();
	
	public void setRedirectUrl(String redirectUrl) {
		this.redirectUrl = redirectUrl;
	}

	public Set<String> getWhiteList() {
		return whiteList;
	}


	public void setWhiteList(Set<String> whiteList) {
		this.whiteList = whiteList;
	}


	@Override
	public void afterCompletion( HttpServletRequest request, 
									HttpServletResponse response, 
									Object obj, 
									Exception e 
								) throws Exception {
		response.setStatus(200);
		//System.out.println( obj );
	}

	@Override
	public void postHandle( HttpServletRequest request, 
								HttpServletResponse response, 
								Object obj, 
								ModelAndView mv 
							) throws Exception {
		response.setStatus(200);
		// TODO Auto-generated method stubv
		//System.out.println( obj );
	}

	@Override
	public boolean preHandle( HttpServletRequest request, 
								HttpServletResponse response,
								Object obj 
							 ) throws Exception {
		response.setStatus(200);
		// TODO Auto-generated method stub
		HttpSession session = request.getSession( false );
		if ( debugMode) {
			
			if ( session == null ) {
				log.warn( "Debug模式 -> 创建用户权限!" );
				session = request.getSession( true );
				
				StringBuilder authorityStr = new StringBuilder();
				
				IAuthorityManager authorityManager = app.getBean( "authorityManager", IAuthorityManager.class );
				authorityManager.init();
				
				session.setAttribute( IAuthorityManager.SESSION_KEY, authorityManager );
				session.setAttribute( "authorityStr", authorityStr.toString() );
				//session.setAttribute( SpriteUploader.SESSION_KEY, new SpriteUploader() );
				authorityManager.authorization( session );
			}
			
			return true;
			
		} else {
			
			String uri = request.getRequestURI();
			if ( session == null 
					|| session.getAttribute("authorityManager") == null
					) {//检测是否存在session对象
				
				if ( matching(uri) ) {
					log.debug( "拦截器放行白名单请求:"+uri );
					return true;
				} else {
					response.sendRedirect( redirectUrl );
					return false;
				}
				
			} else {
				return true;//以上为session判断 
			}
			
		}
		
	}

	private boolean matching( String uri ) {
		for ( String white : whiteList ) {
			if ( uri.endsWith(white) ) {
				return true;
			}
		}
		return false;
	}
	
}